For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

barneb01_8208's avatar
barneb01_8208
Icon for Nimbostratus rankNimbostratus
Feb 21, 2012

SSL VS w/OCSP responder - Peer cert verify error

I have a SSL VS configured with a client ssl and OCSP authentication profile and I'm observing SSL hanshake failures even though the OCSP response status is successful (0). I enabled "bigpipe db Log.S...
config
design
Emad_26973's avatar
Emad_26973
Icon for Cirrus rankCirrus
Dec 13, 2016

Any Update on this thread as I am facing the same issue.

 

  • barneb01_8208's avatar
    barneb01_8208
    Icon for Nimbostratus rankNimbostratus
    Dec 13, 2016

    Hi Emad, Review the "Client Authentication" settings of the SSL client profile assigned to the VS, and note the available "client certificate" options (ignore, require, request).

     

    The "require" setting enforces Client Certificate Authentication w/OCSP. The BIG-IP will request a client certificate and attempt to verify it. An SSL session is established ONLY if a valid client certificate from a trusted CA was presented AND if the client certificate was configured with the "ssl client" purpose.

     

    Brian